DNS Lookup Tool
Query DNS records for a domain and review answers, TTLs, and status from public resolvers.
What this tool does
This tool retrieves DNS records for a domain so you can verify where it points and how services like email are configured. It shows record values, TTLs, and response status from public resolvers. Use it to troubleshoot website access, email delivery, and verification records without making any changes.
Inputs explained
- Domain: The domain or hostname to query, such as example.com or www.example.com.
- Record type: The DNS record type to fetch (A, AAAA, MX, CNAME, NS, TXT, SOA, CAA).
How it works / Method
The tool sends a DNS query over HTTPS (DoH) to public recursive resolvers and displays the returned answer section, TTL values, and status code. TTL indicates how long resolvers may cache a record. Results are read-only and reflect the resolver cache or authoritative response at the time of lookup.
Result columns: Name, TTL, Type, Value.
Example
Input: Domain: example.com, Record type: A. Expected output: Status NOERROR with one or more IPv4 addresses listed, plus TTL values for each record. The provider badge shows which public resolver answered the query.
Use cases
- Verify A and AAAA records after a server migration.
- Check MX and TXT records for email deliverability (SPF, DKIM, DMARC).
- Confirm CNAME and CAA records before issuing a TLS certificate.
- Audit NS and SOA records for DNS management changes.
- Troubleshoot intermittent resolution or NXDOMAIN errors.
Limitations & notes
- Results depend on resolver cache and TTL values, so recent changes may not appear everywhere.
- This tool queries public resolvers and does not access private or internal DNS zones.
- DNSSEC validation is not performed; signatures are not checked here.
- Internationalized domains may require punycode formatting to resolve correctly.
Accuracy & Disclaimer
Results are returned from public DNS resolvers at query time. Treat them as diagnostic signals, not as authoritative registry records, and confirm critical changes with your DNS provider.
Frequently Asked Questions
What does a NOERROR or NXDOMAIN response mean?
NOERROR means the resolver successfully found the domain and returned a response. It does not guarantee the specific record type exists; you can still get an empty answer set (often called NODATA). NXDOMAIN means the domain name itself does not exist in DNS, so no records are returned. Temporary errors like SERVFAIL usually indicate resolver or upstream issues rather than a permanent domain problem.
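The example below is added here and is not this tool's own code. It builds the RFC 1035 query described under "How it works", encodes it for an RFC 8484 GET request, and parses responses into the NOERROR, NODATA and NXDOMAIN outcomes explained in this answer. The response bytes are constructed samples, the function names are hypothetical, and only A records are decoded.

```python
import base64
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN"}

def build_query(name, qtype=1):
    """RFC 1035 query: header (ID 0, RD set, 1 question) + QNAME/QTYPE/QCLASS."""
    # The idna codec converts internationalized labels to punycode (xn--...).
    labels = name.rstrip(".").encode("idna").split(b".")
    qname = b"".join(bytes([len(part)]) + part for part in labels) + b"\x00"
    return struct.pack("!6H", 0, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!2H", qtype, 1)

def doh_get_param(query):
    """RFC 8484 GET form: ?dns=<base64url of the message, padding stripped>."""
    return base64.urlsafe_b64encode(query).rstrip(b"=").decode()

def skip_name(msg, off):
    """Return the offset just past a name, which may end in a compression pointer."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def parse_response(msg):
    """Return (status, [(ttl, ipv4), ...]) for an A-record response."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    status = RCODES.get(flags & 0x000F, "RCODE%d" % (flags & 0x000F))
    off = 12
    for _ in range(qd):                      # skip the echoed question
        off = skip_name(msg, off) + 4
    answers = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata = msg[off + 10:off + 10 + rdlen]
        off += 10 + rdlen
        if rtype == 1 and rdlen == 4:        # A record
            answers.append((ttl, ".".join(map(str, rdata))))
    if status == "NOERROR" and not answers:
        status = "NODATA"                    # not an RCODE: NOERROR with an empty answer
    return status, answers

# Constructed sample responses (not captured traffic); 192.0.2.10 is a documentation address.
QUERY = build_query("example.com")
def sample_response(rcode, rrs=b"", count=0):
    return struct.pack("!6H", 0, 0x8180 | rcode, 1, count, 0, 0) + QUERY[12:] + rrs
A_RR = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 10])
SAMPLES = {"found": sample_response(0, A_RR, 1), "nodata": sample_response(0), "nxdomain": sample_response(3)}
for label, message in SAMPLES.items():
    print(label, parse_response(message))
```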
Why do results differ between resolvers?
Resolvers cache answers based on TTL values, so two providers can show different results if one has older cached data. Some resolvers also use anycast networks, regional routing, or different upstream sources, which can influence what you see. Load balancing and geo-DNS configurations can return different answers based on where the query is resolved. Checking multiple providers helps verify whether changes have fully propagated.
What is TTL and why is it shown?
TTL (time to live) is the number of seconds a resolver is allowed to cache a DNS record before it must ask again. A longer TTL reduces DNS query load but makes changes take longer to appear. A shorter TTL speeds up change visibility but increases lookup traffic. Showing TTL helps you estimate how long it may take for updates to be seen across the internet.
Can I verify email records with this tool?
Yes. Use MX records to confirm which mail servers receive email for the domain. TXT records commonly contain SPF, DKIM, and DMARC policies used for email authentication and anti-spoofing. You can also check for verification records used by email providers and SaaS platforms. For best results, confirm that the values match what your provider expects and that TTLs are reasonable.
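The following added example (not part of this tool) shows one way to review TXT values once they have been looked up, going slightly beyond the text by applying the SPF and DMARC record rules from RFC 7208 and RFC 7489. The function names and the sample TXT values are constructed for illustration.

```python
def spf_all_qualifier(record):
    """Qualifier on the 'all' mechanism: '+', '-', '~', '?', or None if absent."""
    for term in record.lower().split()[1:]:
        if term.lstrip("+-~?") == "all":
            return term[0] if term[0] in "+-~?" else "+"   # bare 'all' means '+all'
    return None

def dmarc_tags(record):
    """Split 'v=DMARC1; p=none; ...' into a {tag: value} dict."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def review_email_txt(domain_txt, dmarc_txt):
    """domain_txt: TXT values at the domain; dmarc_txt: TXT values at _dmarc.<domain>."""
    findings = []
    spf = [r for r in domain_txt if r.lower().split(" ")[0] == "v=spf1"]
    if len(spf) != 1:
        # RFC 7208: zero records means no SPF policy, more than one is a permerror
        findings.append("SPF: expected exactly one v=spf1 record, found %d" % len(spf))
    else:
        q = spf_all_qualifier(spf[0])
        # A record that hands off via redirect= legitimately has no 'all' term
        if q in ("+", "?") or (q is None and "redirect=" not in spf[0].lower()):
            findings.append("SPF: no restrictive 'all' term (-all or ~all)")
    dmarc = [dmarc_tags(r) for r in dmarc_txt if r.replace(" ", "").startswith("v=DMARC1")]
    if len(dmarc) != 1:
        findings.append("DMARC: expected exactly one v=DMARC1 record, found %d" % len(dmarc))
    elif dmarc[0].get("p", "").lower() not in ("quarantine", "reject"):
        findings.append("DMARC: policy is p=%s, which asks receivers to take no action "
                        "on failing mail" % dmarc[0].get("p", "<missing>"))
    return findings

# Constructed sample TXT answers for illustration (not real lookups).
DOMAIN_TXT = ["v=spf1 include:_spf.example.net ~all", "example-verification=constructed-token"]
DMARC_TXT = ["v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com"]
for finding in review_email_txt(DOMAIN_TXT, DMARC_TXT):
    print(finding)
```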
Does this tool validate DNSSEC?
No. This tool shows DNS record data returned by public resolvers but does not perform DNSSEC validation. DNSSEC validation requires checking digital signatures (RRSIG records) against trusted keys (DNSKEY and DS). If you need DNSSEC status, use a specialized validator or check your DNS provider for DNSSEC configuration and validation reports. DNSSEC-aware resolvers and registry tools can also confirm the chain of trust.
What should I do if no records are returned?
First confirm the domain spelling and try a different record type. An empty answer can mean the domain exists but that specific record type is not set. NXDOMAIN means the queried name does not exist, for example because the domain is not registered or not delegated correctly. If you recently made DNS changes, caching and propagation can also delay visibility. Checking authoritative nameservers and waiting for TTL expiration usually resolves this.
Sources & references
- RFC 1034: Domain names - concepts and facilities - Core DNS concepts and terminology.
- RFC 1035: Domain names - implementation and specification - Record types and response format details.
- RFC 8484: DNS over HTTPS (DoH) - Transport method used for DNS queries over HTTPS.
- RFC 2308: Negative caching of DNS queries - Explains NXDOMAIN and caching behavior.
- IANA Root Zone Management - Authoritative source for TLD delegation context.